The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-24508 | Win32 File Enumeration Remote Code Execution Vulnerability | MEDIUM | Mar 9, 2022 |
| CVE-2022-24509 | Microsoft Office Visio Remote Code Execution Vulnerability | MEDIUM | Mar 9, 2022 |
| CVE-2022-24510 | Microsoft Office Visio Remote Code Execution Vulnerability | MEDIUM | Mar 9, 2022 |
| CVE-2022-24511 | Microsoft Office Word Tampering Vulnerability | LOW | Mar 9, 2022 |
| CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability | MEDIUM | Mar 9, 2022 |
| CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24515 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 |
| CVE-2022-24516 | Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477. | -- | Aug 11, 2022 |
| CVE-2022-24517 | Azure Site Recovery Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 |
| CVE-2022-24518 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 |
| CVE-2022-24519 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Mar 14, 2022 |
| CVE-2022-24520 | Azure Site Recovery Remote Code Execution Vulnerability | MEDIUM | Mar 14, 2022 |
| CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24522 | Skype Extension for Chrome Information Disclosure Vulnerability | LOW | Mar 9, 2022 |
| CVE-2022-24523 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | MEDIUM | Apr 5, 2022 |
| CVE-2022-24525 | Windows Update Stack Elevation of Privilege Vulnerability | MEDIUM | Mar 9, 2022 |
| CVE-2022-24526 | Visual Studio Code Spoofing Vulnerability | MEDIUM | Mar 9, 2022 |
| CVE-2022-24527 | Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability | HIGH | Apr 15, 2022 |
| CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability | HIGH | Apr 15, 2022 |
| CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability | HIGH | Apr 15, 2022 |
| CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability | HIGH | Apr 15, 2022 |
| CVE-2022-24538 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability | HIGH | Apr 15, 2022 |
| CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24548 | Microsoft Defender Denial of Service Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 |
| CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability | HIGH | Apr 15, 2022 |
| CVE-2022-24551 | A flaw was found in StarWind Stack. The endpoint for setting a new password doesn’t check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user This affects StarWind SAN and NAS v0.2 build 1633. | HIGH | Feb 11, 2022 |
| CVE-2022-24552 | A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633. | HIGH | Feb 11, 2022 |
| CVE-2022-24553 | An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution. | HIGH | Feb 22, 2022 |
| CVE-2022-24562 | In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim\'s endpoint, which can result in data theft and remote code execution. | HIGH | Jun 16, 2022 |
| CVE-2022-24563 | In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | LOW | Mar 3, 2022 |
| CVE-2022-24564 | Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user. | MEDIUM | Feb 22, 2022 |
| CVE-2022-24565 | Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications. | LOW | Feb 24, 2022 |
| CVE-2022-24566 | In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS). | LOW | Feb 24, 2022 |
| CVE-2022-24568 | Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | HIGH | Feb 10, 2022 |
| CVE-2022-24571 | Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access. | HIGH | Mar 3, 2022 |
| CVE-2022-24572 | Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. | MEDIUM | Feb 28, 2022 |
| CVE-2022-24573 | A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field. | MEDIUM | Mar 3, 2022 |
